tabby/ee/tabby-webserver/src/service/db/users.rs

// db read/write operations for `users` table

use anyhow::Result;
use chrono::{DateTime, Utc};
use rusqlite::{params, OptionalExtension, Row};
use uuid::Uuid;

use super::DbConn;
use crate::schema;

#[allow(unused)]
pub struct User {
    created_at: DateTime<Utc>,
    updated_at: DateTime<Utc>,

    pub id: i32,
    pub email: String,
    pub password_encrypted: String,
    pub is_admin: bool,

    /// To authenticate IDE extensions / plugins to access code completion / chat api endpoints.
    pub auth_token: String,
}

impl User {
    fn select(clause: &str) -> String {
        r#"SELECT id, email, password_encrypted, is_admin, created_at, updated_at, auth_token FROM users WHERE "#
            .to_owned()
            + clause
    }

    fn from_row(row: &Row<'_>) -> std::result::Result<User, rusqlite::Error> {
        Ok(User {
            id: row.get(0)?,
            email: row.get(1)?,
            password_encrypted: row.get(2)?,
            is_admin: row.get(3)?,
            created_at: row.get(4)?,
            updated_at: row.get(5)?,
            auth_token: row.get(6)?,
        })
    }
}

impl From<User> for schema::User {
    fn from(val: User) -> Self {
        schema::User {
            email: val.email,
            is_admin: val.is_admin,
            auth_token: val.auth_token,
        }
    }
}

impl DbConn {
    pub async fn create_user(
        &self,
        email: String,
        password_encrypted: String,
        is_admin: bool,
    ) -> Result<i32> {
        self.create_user_impl(email, password_encrypted, is_admin, None)
            .await
    }

    pub async fn create_user_with_invitation(
        &self,
        email: String,
        password_encrypted: String,
        is_admin: bool,
        invitation_id: i32,
    ) -> Result<i32> {
        self.create_user_impl(email, password_encrypted, is_admin, Some(invitation_id))
            .await
    }

    async fn create_user_impl(
        &self,
        email: String,
        password_encrypted: String,
        is_admin: bool,
        invitation_id: Option<i32>,
    ) -> Result<i32> {
        let res = self
            .conn
            .call(move |c| {
                let tx = c.transaction()?;

                if let Some(invitation_id) = invitation_id {
                    tx.execute("DELETE FROM invitations WHERE id = ?", params![invitation_id])?;
                }

                let id = {
                    let mut stmt = tx.prepare(
                        r#"INSERT INTO users (email, password_encrypted, is_admin, auth_token) VALUES (?, ?, ?, ?)"#,
                    )?;
                    stmt.insert((email, password_encrypted, is_admin, generate_auth_token()))?
                };

                tx.commit()?;
                Ok(id)
            })
            .await?;

        Ok(res as i32)
    }

    pub async fn get_user(&self, id: i32) -> Result<Option<User>> {
        let user = self
            .conn
            .call(move |c| {
                c.query_row(User::select("id = ?").as_str(), params![id], User::from_row)
                    .optional()
            })
            .await?;

        Ok(user)
    }

    pub async fn get_user_by_email(&self, email: &str) -> Result<Option<User>> {
        let email = email.to_owned();
        let user = self
            .conn
            .call(move |c| {
                c.query_row(
                    User::select("email = ?").as_str(),
                    params![email],
                    User::from_row,
                )
                .optional()
            })
            .await?;

        Ok(user)
    }

    pub async fn list_admin_users(&self) -> Result<Vec<User>> {
        let users = self
            .conn
            .call(move |c| {
                let mut stmt = c.prepare(&User::select("is_admin"))?;
                let user_iter = stmt.query_map([], User::from_row)?;
                Ok(user_iter.filter_map(|x| x.ok()).collect::<Vec<_>>())
            })
            .await?;

        Ok(users)
    }

    pub async fn verify_auth_token(&self, token: &str) -> bool {
        let token = token.to_owned();
        let id: Result<i32, _> = self
            .conn
            .call(move |c| {
                c.query_row(
                    r#"SELECT id FROM users WHERE auth_token = ?"#,
                    params![token],
                    |row| row.get(0),
                )
            })
            .await;
        id.is_ok()
    }

    pub async fn reset_auth_token(&self, id: i32) -> Result<i32> {
        self.conn
            .call(move |c| {
                let mut stmt = c.prepare(r#"UPDATE users SET auth_token = ? WHERE id = ?"#)?;
                stmt.execute((Uuid::new_v4().to_string(), id))?;
                Ok(())
            })
            .await?;

        Ok(id)
    }
}

fn generate_auth_token() -> String {
    let uuid = Uuid::new_v4().to_string().replace('-', "");
    format!("auth_{}", uuid)
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::service::db::testutils::create_user;

    #[tokio::test]
    async fn test_create_user() {
        let conn = DbConn::new_in_memory().await.unwrap();

        let id = create_user(&conn).await;
        let user = conn.get_user(id).await.unwrap().unwrap();
        assert_eq!(user.id, 1);
    }

    #[tokio::test]
    async fn test_get_user_by_email() {
        let conn = DbConn::new_in_memory().await.unwrap();

        let email = "hello@example.com";
        let user = conn.get_user_by_email(email).await.unwrap();

        assert!(user.is_none());
    }

    #[tokio::test]
    async fn test_auth_token() {
        let conn = DbConn::new_in_memory().await.unwrap();
        let id = create_user(&conn).await;

        let user = conn.get_user(id).await.unwrap().unwrap();

        assert!(!conn.verify_auth_token("abcd").await);

        assert!(conn.verify_auth_token(&user.auth_token).await);

        conn.reset_auth_token(id).await.unwrap();
        let new_user = conn.get_user(id).await.unwrap().unwrap();
        assert_eq!(user.email, new_user.email);
        assert_ne!(user.auth_token, new_user.auth_token);
    }
}
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00			// db read/write operations for `users` table

			`use anyhow::Result;`
			`use chrono::{DateTime, Utc};`
			`use rusqlite::{params, OptionalExtension, Row};`
feat: when is_admin_initialized, implement strict api access check in graphql / v1beta / v1 (#987) 2023-12-08 11:59:56 +00:00			`use uuid::Uuid;`
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00
			`use super::DbConn;`
refactor: restructure JwtPayload and MeQuery (#994) * extract schema::User as format for MeQuery * refactor: restructure JWTPayload * feat: update frontend to adapt JWT token format change * delete generated files 2023-12-09 10:12:54 +00:00			`use crate::schema;`
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00
			`#[allow(unused)]`
			`pub struct User {`
			`created_at: DateTime<Utc>,`
			`updated_at: DateTime<Utc>,`

			`pub id: i32,`
			`pub email: String,`
			`pub password_encrypted: String,`
			`pub is_admin: bool,`
feat: when is_admin_initialized, implement strict api access check in graphql / v1beta / v1 (#987) 2023-12-08 11:59:56 +00:00
			`/// To authenticate IDE extensions / plugins to access code completion / chat api endpoints.`
			`pub auth_token: String,`
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00			`}`

			`impl User {`
			`fn select(clause: &str) -> String {`
feat: when is_admin_initialized, implement strict api access check in graphql / v1beta / v1 (#987) 2023-12-08 11:59:56 +00:00			`r#"SELECT id, email, password_encrypted, is_admin, created_at, updated_at, auth_token FROM users WHERE "#`
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00			`.to_owned()`
			`+ clause`
			`}`

			`fn from_row(row: &Row<'_>) -> std::result::Result<User, rusqlite::Error> {`
			`Ok(User {`
			`id: row.get(0)?,`
			`email: row.get(1)?,`
			`password_encrypted: row.get(2)?,`
			`is_admin: row.get(3)?,`
			`created_at: row.get(4)?,`
			`updated_at: row.get(5)?,`
feat: when is_admin_initialized, implement strict api access check in graphql / v1beta / v1 (#987) 2023-12-08 11:59:56 +00:00			`auth_token: row.get(6)?,`
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00			`})`
			`}`
			`}`

refactor: restructure JwtPayload and MeQuery (#994) * extract schema::User as format for MeQuery * refactor: restructure JWTPayload * feat: update frontend to adapt JWT token format change * delete generated files 2023-12-09 10:12:54 +00:00			`impl From<User> for schema::User {`
			`fn from(val: User) -> Self {`
			`schema::User {`
			`email: val.email,`
			`is_admin: val.is_admin,`
			`auth_token: val.auth_token,`
			`}`
			`}`
			`}`

refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00			`impl DbConn {`
			`pub async fn create_user(`
			`&self,`
			`email: String,`
			`password_encrypted: String,`
			`is_admin: bool,`
feat(tabby-webserver): when user is registered with invitation code, … (#999) * feat(tabby-webserver): when user is registered with invitation code, delete invitation when user is created * update cmts * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> 2023-12-10 03:16:44 +00:00			`) -> Result<i32> {`
			`self.create_user_impl(email, password_encrypted, is_admin, None)`
			`.await`
			`}`

			`pub async fn create_user_with_invitation(`
			`&self,`
			`email: String,`
			`password_encrypted: String,`
			`is_admin: bool,`
			`invitation_id: i32,`
			`) -> Result<i32> {`
			`self.create_user_impl(email, password_encrypted, is_admin, Some(invitation_id))`
			`.await`
			`}`

			`async fn create_user_impl(`
			`&self,`
			`email: String,`
			`password_encrypted: String,`
			`is_admin: bool,`
			`invitation_id: Option<i32>,`
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00			`) -> Result<i32> {`
			`let res = self`
			`.conn`
			`.call(move \|c\| {`
feat(tabby-webserver): when user is registered with invitation code, … (#999) * feat(tabby-webserver): when user is registered with invitation code, delete invitation when user is created * update cmts * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> 2023-12-10 03:16:44 +00:00			`let tx = c.transaction()?;`

			`if let Some(invitation_id) = invitation_id {`
			`tx.execute("DELETE FROM invitations WHERE id = ?", params![invitation_id])?;`
			`}`

			`let id = {`
			`let mut stmt = tx.prepare(`
			`r#"INSERT INTO users (email, password_encrypted, is_admin, auth_token) VALUES (?, ?, ?, ?)"#,`
			`)?;`
			`stmt.insert((email, password_encrypted, is_admin, generate_auth_token()))?`
			`};`

			`tx.commit()?;`
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00			`Ok(id)`
			`})`
			`.await?;`

			`Ok(res as i32)`
			`}`

			`pub async fn get_user(&self, id: i32) -> Result<Option<User>> {`
			`let user = self`
			`.conn`
			`.call(move \|c\| {`
			`c.query_row(User::select("id = ?").as_str(), params![id], User::from_row)`
			`.optional()`
			`})`
			`.await?;`

			`Ok(user)`
			`}`

			`pub async fn get_user_by_email(&self, email: &str) -> Result<Option<User>> {`
			`let email = email.to_owned();`
			`let user = self`
			`.conn`
			`.call(move \|c\| {`
			`c.query_row(`
			`User::select("email = ?").as_str(),`
			`params![email],`
			`User::from_row,`
			`)`
			`.optional()`
			`})`
			`.await?;`

			`Ok(user)`
			`}`

			`pub async fn list_admin_users(&self) -> Result<Vec<User>> {`
			`let users = self`
			`.conn`
			`.call(move \|c\| {`
			`let mut stmt = c.prepare(&User::select("is_admin"))?;`
			`let user_iter = stmt.query_map([], User::from_row)?;`
			`Ok(user_iter.filter_map(\|x\| x.ok()).collect::<Vec<_>>())`
			`})`
			`.await?;`

			`Ok(users)`
			`}`
feat: when is_admin_initialized, implement strict api access check in graphql / v1beta / v1 (#987) 2023-12-08 11:59:56 +00:00
			`pub async fn verify_auth_token(&self, token: &str) -> bool {`
			`let token = token.to_owned();`
			`let id: Result<i32, _> = self`
			`.conn`
			`.call(move \|c\| {`
			`c.query_row(`
			`r#"SELECT id FROM users WHERE auth_token = ?"#,`
			`params![token],`
			`\|row\| row.get(0),`
			`)`
			`})`
			`.await;`
			`id.is_ok()`
			`}`

			`pub async fn reset_auth_token(&self, id: i32) -> Result<i32> {`
			`self.conn`
			`.call(move \|c\| {`
			`let mut stmt = c.prepare(r#"UPDATE users SET auth_token = ? WHERE id = ?"#)?;`
			`stmt.execute((Uuid::new_v4().to_string(), id))?;`
			`Ok(())`
			`})`
			`.await?;`

			`Ok(id)`
			`}`
			`}`

			`fn generate_auth_token() -> String {`
			`let uuid = Uuid::new_v4().to_string().replace('-', "");`
			`format!("auth_{}", uuid)`
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00			`}`

			`#[cfg(test)]`
			`mod tests {`
			`use super::*;`
			`use crate::service::db::testutils::create_user;`

			`#[tokio::test]`
			`async fn test_create_user() {`
			`let conn = DbConn::new_in_memory().await.unwrap();`

			`let id = create_user(&conn).await;`
			`let user = conn.get_user(id).await.unwrap().unwrap();`
			`assert_eq!(user.id, 1);`
			`}`

			`#[tokio::test]`
			`async fn test_get_user_by_email() {`
			`let conn = DbConn::new_in_memory().await.unwrap();`

			`let email = "hello@example.com";`
			`let user = conn.get_user_by_email(email).await.unwrap();`

			`assert!(user.is_none());`
			`}`
feat: when is_admin_initialized, implement strict api access check in graphql / v1beta / v1 (#987) 2023-12-08 11:59:56 +00:00
			`#[tokio::test]`
			`async fn test_auth_token() {`
			`let conn = DbConn::new_in_memory().await.unwrap();`
			`let id = create_user(&conn).await;`

			`let user = conn.get_user(id).await.unwrap().unwrap();`

			`assert!(!conn.verify_auth_token("abcd").await);`

			`assert!(conn.verify_auth_token(&user.auth_token).await);`

			`conn.reset_auth_token(id).await.unwrap();`
			`let new_user = conn.get_user(id).await.unwrap().unwrap();`
			`assert_eq!(user.email, new_user.email);`
			`assert_ne!(user.auth_token, new_user.auth_token);`
			`}`
refactor(webserver): split db.rs into sub implementations for each table (#985) 2023-12-08 05:25:24 +00:00			`}`